ICSA-26-076-01
Starting with Festo Automation Suite (FAS) version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to download and install Codesys independently. This change impacts the handling of security vulnerabilities (CVEs) related to Codesys. Any Codesys-related security issues must now be addressed by the customer through their separate Codesys installation. The FAS itself includes only the connector component, which is maintained and updated within the suite. Please ensure that Codesys is kept up to date independently to mitigate any potential security risks associated with the Codesys software.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Festo Automation Suite 2.8.0.138 | ||
| CODESYS Development System 3.5.21.20 | ||
| CODESYS Development System 3.0 | ||
| Festo Automation Suite <2.8.0.138 | ||
| CODESYS Development System 3.5.16.10 | ||
| Festo Automation Suite 2.8.0.137 |
Timeline
- Feb 26, 2026 CVE Published
- Mar 17, 2026 CVE Updated
References
- https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2026/fsa-202601.json advisory
- https://certvde.com/en/advisories/vendor/festo/ url
- https://www.festo.com/psirt url
- https://certvde.com/en/advisories/VDE-2025-108 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-2595 url
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-076-01.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01 advisory
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url